Overview:

Unified Security Gateway

The ZyXEL USG 300 is a fully-fledged security gateway which encompasses a complete range of progressive security solutions. It is ideal for SMB customers with up to 75 PC users and - thanks to its highly flexible configuration - it gives administrators the power to set up networks efficiently including the implementation of extensive security policies.

Security on a New Level - The Future Is Ahead. Stay Ahead with ZyXEL USGs.

Utilizing networks to access internal and external mission-critical applications are common, and important as well, for small and medium-sized businesses. As faster networks bring more convenience and efficiency, businesses are facing challenges from sophisticated attacks and even cybercrime that would cause interrupted communications, degraded performance and loss of valuable information; however traditional firewalls are not capable of protecting business from such network attacks.

The ZyXEL USG 300/1000/2000 Series are security platforms that offers ultra-high performance, deep packet inspection and all-in-one multi-threat protection not only to block the latest attack combinations including intrusion attempts, viruses, worms, phishing, spyware, spam and many other malware types effectively, but also to secure remote access among branch offices, partners and customers. The USG’s real-time threat detection and continuous update services provide the fastest response speed in the networking industry to deter the evolving security threats before the business is affected. The ZyXEL USG 300/1000/2000 Series is ideal for small- and medium-size businesses to safeguard their network environments.

Ultra-high performance and protection

Comprehensive support to IPv6

Supported various VPN solutions (IPSec/SSL/2TP)

Zero-configuration remote access with EASY VPN

Support L2TP VPN on mobile device (iPhone and Android phone)

ICSA Firewall, IPSec certification

Real-time, dynamic malware protection

High Availability (HA)

Benefits:

Ultra-high performance and protection to secure business networks

The ZyXEL USG 300/1000/2000 Series delivers wire-speed performance and integrated threat management for wired networks. The USG Series provides firewall throughputs of from 350 Mbps to 2 Gbps that enables businesses to protect critical applications and networks without affecting availability or performance. In addition, the USG’s unique built-in clean-traffic architecture can prevent risks such as viruses, worms, Trojan Horses, spyware, phishing attacks and other emerging Internet threats. In short, the architecture can assure clean and secure network environments for business users.

Comprehensive IPv6 support to ensure investment protection

The ZyXEL USG Series is IPv6-ready today and is certified with “IPv6 Ready” gold logo. With IPv6 feature enabled, the USG Series ensures businesses with a smooth migration path from the IPv4-based networks to the full IPv6 infrastructure. It assigns IPv6 addresses to clients and passes the IPv6 traffics through the IPv4 environment. The USG Series supports dual-stack and IPv4 tunneling (6rd and 6to4 transition tunnel) implementations for Internet connectivity to access IPv6 applications. The comprehensive IPv6 features built into the USG Series ensure not only future-ready connectivity but also investment protection for businesses.IPv6 applications.

Various VPN solutions to simplify secure access

Establishing VPN tunnels is a good solution to provide a safe way to access necessary network resources remotely with any device anytime, anywhere. However due to the complicated configuration, it could be quite difficult for non-technical employees such as sales people to use. The ZyXEL USG Series is equipped with the “EASY VPN” solution to push configuration files to the VPN clients automatically; this eliminates the configuration efforts while securing the access at the same time. In addition, the USG Series supports L2TP VPN technology on iPhones, Android phones and many other mobile devices as L2TP VPN enables employees in remote places to connect to the headquarters with easy and free access.

Real-time, dynamic malware protection to safeguard business networks

Web security powered by BlueCoat and Commtouch

With more valuable information being placed on the data cloud, impacts from the ever-growing cybercrime should be treated seriously. As modern malware become very sophisticated and difficult to repel, the USG’s content filter from Blue Coat and Commtouch, the leading solution provider, reduces costs and extends protection by integrating a comprehensive, continuously updated database featuring millions of URLs, IP addresses and domains. With the content filter, the USG Series not only enables real-time protection to deter emerging Web threats including malware, phishing and Zombies/bots, but also monitors or blocks certain sites to maintain employee productivity.

Email security powered by Commtouch

The ZyXEL USG Series delivers industry-leading protection, powered by Commtouch, against spam, phishing and virus-laden emails. The extremely high performance of Commtouch technology comes from the unique recurrent pattern detection (RPD) mechanism that possesses its superior capability through analyzing millions of new patterns each day (24x7x365) to block all the associated messages real-time. In addition, the USG applies sender-based IP reputation to remove over 80% of unwanted mails and to take advantage of the zero-hour virus outbreak protection feature, which is capable of blocking or delaying suspicious messages hours before commercial anti-virus signatures are available.

High Availability (HA) ensures non-stop business operations

Loss of mission-critical connection can cause serious, and sometimes disastrous, consequences to businesses. The ZyXEL USG 300/1000/2000 Series provides HA features to guarantee a secure, reliable connection between the protected network and the Internet.

Multiple WAN ports and configurable load balancing between ports.

An auxiliary (backup) Internet connection known as out-of-band management.

A backup USG in case the master USG fails (Device HA).

Features:

Firewall

ICSA-certified firewall

Routing and transparent (bridge) mode

Zone-based access control list

Stateful packet inspection

User-aware policy enforcement

SIP/H.323 NAT traversal

ALG supports custom ports

IPv6 Support

IPv6 Ready gold logo certified

Dual stack

IPv4 tunneling (6rd and 6to4 transition tunnel)

Host/Router/Firewall

Virtual Private Network (VPN)

ICSA-certified IPSec VPN

Algorithm: AES/3DES/DES

Authentication: SHA-1, SHA-2/MD5

Key management: Manual key/IKE

Perfect forward secrecy (DH groups) support 1, 2, 5

IPSec NAT traversal

Dead peer detection/relay detection

Virtual Private Network (VPN)

PKI (X.509) certificate support

Centralize VPN support

Simple wizard support

Auto reconnect VPN

VPN HA (redundant remote VPN gateways)

SSL VPN

Clientless secure remote access

Support reverse proxy mode and full tunnel mode

Unified policy enforcement

Supports two-factor authentication

Customizable user portal

Intrusion Detection and Prevention (IDP)*1

Routing and transparent (bridge) mode

Zone-based IDP inspection

Customizable protection profile

Protect over 2000 attack

Automatic signature updates

Custom signatures

Protocol anomaly detection and protection

Traffic anomaly detection and protection

Flooding detection and protection

DoS/DDoS protection

Application Intelligence*1
(Application Patrol)

Identify more than 600 applications, including IM, P2P, social netowrk, stream media, VoIP, and others

Support application granularity control

Manage use of Skype/MSN, GoogleTalk, Facebook at business hours, or never

Block all use of P2P and Games applications all the time (or during business hours)

Note:
*1: Available for USG 300/1000/2000 models with Intrusion Detection/Prevention(IDP) subscription.
*2: Available for USG 300/1000/2000 models with Anti-Virus subscription.
*3: Available for all USG models with Content Filtering subscription.

Application Diagram:

USG clean-traffic architecture

The USG’s clean-traffic architecture protects against network risks such as viruses, worms, Trojan Horses, spyware, phishing attacks and other emerging Internet threats. With the clean-traffic architecture, enterprises users are assured to have clean and secure network environments.

EASY VPN — zero configuration remote access

When establishing VPN tunnels, it could be quite difficult for non-technical employees to use due to the complicated configuration.

The ZyXEL USG Series is equipped with the “EASY VPN” solution to push configuration files to the VPN clients automatically; this eliminates the configuration efforts while securing the access at the same time.

Content Filter stops malware and Web threats

The ZyXEL USG Content Filter enables businesses to protect their users and networks from malware and abuse such as spyware, phishing attacks and inappropriate P2P or IM usage. It keeps office computers from getting infected by dangerous malware and comprehensively protects business network environments.

Granular control over social networking applications

Social networking applications such as Facebook, Twitter and YouTube have become an Internet phenomenon allowing people to quickly connect and share information with each other. However, social networking applications could eclipse business productivity considerably without flexible management. The ZyXEL USG Series prevents the Internet connection from being abused to minimize bandwidth waste or human resource policy violations. The USG Series provides granular control over the usage of social networking applications.